Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/GvJkoOhFX3_PUfDYysPFT8eDj44.roa
File:                     GvJkoOhFX3_PUfDYysPFT8eDj44.roa (raw, json)
Hash identifier:          ZtUF0kvAdrc/IeI941LgAU3hG90PobO2sJTxocJUwZU=
Subject key identifier:   1A:F2:64:A0:E8:45:5F:7F:CF:51:F0:D8:CA:C3:C5:4F:C7:83:8F:8E
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       0185706754EAB9232CC280DA32B2A4056584
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/GvJkoOhFX3_PUfDYysPFT8eDj44.roa
Signing time:             Mon 02 Jan 2023 02:54:58 +0000
ROA not before:           Mon 02 Jan 2023 02:54:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16125
IP address blocks:        46.166.160.0/20 maxlen: 32
                          185.8.104.0/22 maxlen: 32
                          5.199.160.0/20 maxlen: 32
                          93.115.24.0/21 maxlen: 32
                          185.150.116.0/22 maxlen: 32
                          188.214.128.0/21 maxlen: 32
                          2a02:ae00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 Mar 2023 06:36:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:67:54:ea:b9:23:2c:c2:80:da:32:b2:a4:05:65:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan  2 02:54:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1af264a0e8455f7fcf51f0d8cac3c54fc7838f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b7:11:ef:45:93:a6:f5:2f:b7:35:a8:d9:ff:
                    20:e6:2a:a8:35:69:f4:19:66:cd:f9:d4:a5:26:c9:
                    a7:3d:ab:25:4d:36:f1:99:dc:cb:b0:1e:27:b6:48:
                    39:8a:e9:2a:d6:5f:5f:6d:b0:47:a5:50:6d:7c:10:
                    4a:7b:f9:e8:dd:aa:fd:f7:d8:45:4b:d0:94:37:2c:
                    ba:67:91:b8:6b:26:44:a3:94:16:19:71:a1:e1:8c:
                    a2:37:dd:61:f8:00:c0:ce:b7:f4:05:15:dd:d2:40:
                    c7:0c:2b:20:cd:9b:e3:f5:bf:04:14:72:1c:ab:f3:
                    8a:4c:2f:ed:a5:ae:c3:70:c7:29:49:0f:8e:30:47:
                    16:a6:e8:a3:0c:c5:be:b1:9c:95:3a:73:35:23:94:
                    bb:05:9f:57:8d:b0:84:58:c5:fd:16:46:1b:1a:4f:
                    54:a3:28:ef:ac:a5:ce:32:5f:d1:03:21:d3:2f:e7:
                    35:f7:66:37:5f:ac:18:cc:7c:ea:a1:71:49:c2:37:
                    14:b1:2f:b1:3c:e7:0e:b7:13:c7:1f:02:c5:d0:1f:
                    ff:ce:31:22:3e:69:d4:c3:f4:05:c2:35:a3:4e:85:
                    2d:94:7c:0f:75:a7:87:b3:70:f3:03:43:c6:e0:51:
                    a0:74:e0:44:ca:1c:f7:cc:36:4c:7f:e6:31:0f:1b:
                    6c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:F2:64:A0:E8:45:5F:7F:CF:51:F0:D8:CA:C3:C5:4F:C7:83:8F:8E
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/GvJkoOhFX3_PUfDYysPFT8eDj44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.160.0/20
                  46.166.160.0/20
                  93.115.24.0/21
                  185.8.104.0/22
                  185.150.116.0/22
                  188.214.128.0/21
                IPv6:
                  2a02:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:00:53:7e:f1:85:96:35:fd:3b:65:a6:f5:16:7a:59:d4:af:
         27:b9:2d:e7:fb:cb:78:74:20:dc:b8:ef:7d:e0:2f:7e:b1:49:
         1b:97:db:dd:2f:c4:c9:86:0d:ec:9d:66:31:bf:3f:ee:07:02:
         16:dc:3d:59:fa:72:1c:44:0b:ac:44:d8:45:61:87:37:44:1e:
         1f:1f:40:ac:d2:95:cd:5e:ac:61:e9:b5:f1:b6:2c:c6:32:91:
         44:1a:bc:f6:7d:eb:25:cd:5b:04:bb:a2:24:9f:7e:5e:01:fd:
         97:ce:79:f1:5a:c5:0c:e9:df:33:f5:09:b8:10:53:3f:98:1d:
         ca:22:ba:46:32:bd:5d:9e:15:ba:af:8b:9d:56:b6:10:3f:d4:
         a3:48:d8:fe:69:fe:95:4b:31:db:98:7d:0e:10:e1:62:67:52:
         56:98:9e:37:6f:42:23:90:b0:ac:09:b2:34:85:40:64:2c:6e:
         e6:a0:10:d0:aa:57:0b:25:a1:56:db:f9:3f:fe:96:a8:69:94:
         18:bb:45:e2:25:f3:e9:d5:92:1a:dc:af:21:ac:3d:af:15:6e:
         84:91:14:17:5b:95:19:65:1c:4a:d5:83:61:eb:b9:5e:d8:41:
         9f:c4:bf:a1:13:14:80:61:e0:af:44:b9:45:54:2b:04:43:65:
         be:b9:22:6c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVwZ1TquSMswoDaMrKkBWWEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjMwMTAyMDI1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWYyNjRhMGU4NDU1ZjdmY2Y1MWYwZDhjYWMzYzU0ZmM3ODM4ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrcR70WTpvUvtzWo2f8g5iqoNWn0
GWbN+dSlJsmnPaslTTbxmdzLsB4ntkg5iukq1l9fbbBHpVBtfBBKe/no3ar999hF
S9CUNyy6Z5G4ayZEo5QWGXGh4YyiN91h+ADAzrf0BRXd0kDHDCsgzZvj9b8EFHIc
q/OKTC/tpa7DcMcpSQ+OMEcWpuijDMW+sZyVOnM1I5S7BZ9XjbCEWMX9FkYbGk9U
oyjvrKXOMl/RAyHTL+c192Y3X6wYzHzqoXFJwjcUsS+xPOcOtxPHHwLF0B//zjEi
PmnUw/QFwjWjToUtlHwPdaeHs3DzA0PG4FGgdOBEyhz3zDZMf+YxDxtsZQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBryZKDoRV9/z1Hw2MrDxU/Hg4+OMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvR3ZKa29PaEZYM19QVWZEWXlzUEZUOGVEajQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBcegAwQE
LqagAwQDXXMYAwQCuQhoAwQCuZZ0AwQDvNaAMA0EAgACMAcDBQAqAq4AMA0GCSqG
SIb3DQEBCwUAA4IBAQBSAFN+8YWWNf07Zab1FnpZ1K8nuS3n+8t4dCDcuO994C9+
sUkbl9vdL8TJhg3snWYxvz/uBwIW3D1Z+nIcRAusRNhFYYc3RB4fH0Cs0pXNXqxh
6bXxtizGMpFEGrz2feslzVsEu6Ikn35eAf2XznnxWsUM6d8z9Qm4EFM/mB3KIrpG
Mr1dnhW6r4udVrYQP9SjSNj+af6VSzHbmH0OEOFiZ1JWmJ43b0IjkLCsCbI0hUBk
LG7moBDQqlcLJaFW2/k//paoaZQYu0XiJfPp1ZIa3K8hrD2vFW6EkRQXW5UZZRxK
1YNh67le2EGfxL+hExSAYeCvRLlFVCsEQ2W+uSJs
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:13 2024 by rpki-client on console-fra.rpki-client.org